httpd-dev mailing list archives

From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject RE: [PATCH] Try to use OPENSSL_free instead of free
Date Fri, 25 Oct 2002 00:39:19 GMT
Okay, here it comes [complete patch]

Thanks
-Madhu

Index: CHANGES
===================================================================
RCS file: /home/cvspublic/httpd-2.0/CHANGES,v
retrieving revision 1.959
diff -u -r1.959 CHANGES
--- CHANGES     24 Oct 2002 15:47:31 -0000      1.959
+++ CHANGES     25 Oct 2002 00:37:54 -0000
@@ -1,5 +1,11 @@
 Changes with Apache 2.0.44
 
+  *) mod_ssl uses free() inappropriately in several places, to free
+     memory which has been previously allocated inside OpenSSL.
+     Such memory should be freed with OPENSSL_free(), not with free().
+     [Nadav Har'El <nyh@math.technion.ac.il>,
+      Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>].
+

Index: ssl_engine_kernel.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.78
diff -u -r1.78 ssl_engine_kernel.c
--- ssl_engine_kernel.c 14 Oct 2002 04:15:58 -0000      1.78
+++ ssl_engine_kernel.c 23 Oct 2002 23:46:38 -0000
@@ -968,7 +968,7 @@
         X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
         char *cp = X509_NAME_oneline(name, NULL, 0);
         sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
-        free(cp);
+        modssl_free(cp);
     }

     clientdn = (char *)sslconn->client_dn;
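Review bot: The result of `X509_NAME_oneline(name, NULL, 0)` is used without a NULL check, so an allocation failure inside the toolkit leaves `sslconn->client_dn` NULL (apr_pstrdup returns NULL for a NULL input), and that value is then copied into `clientdn` on the last line of the hunk. The client DN feeds later processing that is outside this hunk, so I would make the failure explicit with `if (cp == NULL)` before the `apr_pstrdup` call, handled as the enclosing function requires, and keep `modssl_free(cp)` on the success path. The two ssl_engine_vars.c hunks (-334 and -346) repeat the same oneline/pstrdup/free sequence and have the same gap; a small shared helper would also remove the duplication.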
@@ -1299,11 +1299,11 @@
                      iname ? iname : "-unknown-");

         if (sname) {
-            free(sname);
+            modssl_free(sname);
         }

         if (iname) {
-            free(iname);
+            modssl_free(iname);
         }
     }
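Review bot: The `if (sname)` and `if (iname)` guards around `modssl_free()` are inconsistent with the -1593 hunk of this same patch, which calls `modssl_free(dn)` unguarded although `dn` can be NULL there (its log call uses `dn ? dn : ...`). Pick one convention for the wrapper. If both deallocators behind the macro accept NULL (libc `free` does; this should be confirmed for `OPENSSL_free` in the supported OpenSSL versions), drop the guards and write `modssl_free(sname); modssl_free(iname);`. Otherwise the -1593 call needs a guard too. The enclosing block starts outside the hunk.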

@@ -1555,7 +1555,7 @@
                                  "Certificate with serial %ld (0x%lX) "
                                  "revoked per CRL from issuer %s",
                                  serial, serial, cp);
-                    free(cp);
+                    modssl_free(cp);
                 }

                 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
@@ -1593,6 +1593,7 @@
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
                  sc->vhost_id, msg, dn ? dn : "-uknown-");
+    modssl_free(dn);
 }

 /*
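Review bot: The added `modssl_free(dn);` is the one place in this patch that introduces a release rather than renaming an existing one, and the hunk does not show where `dn` is assigned. It is correct only if `dn` always holds a string the toolkit allocated (for instance from `X509_NAME_oneline(name, NULL, 0)`) and nothing reads it after this point; if it can point into a caller-supplied or stack buffer, this is an invalid free. Once that is confirmed against the start of the function, which is outside the hunk, I would record it on the line: `/* dn was allocated by the SSL toolkit; release it with the toolkit's deallocator */`.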

Index: ssl_engine_vars.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
retrieving revision 1.20
diff -u -r1.20 ssl_engine_vars.c
--- ssl_engine_vars.c   28 May 2002 21:47:31 -0000      1.20
+++ ssl_engine_vars.c   23 Oct 2002 23:51:25 -0000
@@ -334,7 +334,7 @@
         xsname = X509_get_subject_name(xs);
         cp = X509_NAME_oneline(xsname, NULL, 0);
         result = apr_pstrdup(p, cp);
-        free(cp);
+        modssl_free(cp);
         resdup = FALSE;
     }
     else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
@@ -346,7 +346,7 @@
         xsname = X509_get_issuer_name(xs);
         cp = X509_NAME_oneline(xsname, NULL, 0);
         result = apr_pstrdup(p, cp);
-        free(cp);
+        modssl_free(cp);
         resdup = FALSE;
     }
     else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {

Index: ssl_toolkit_compat.h
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_toolkit_compat.h,v
retrieving revision 1.25
diff -u -r1.25 ssl_toolkit_compat.h
--- ssl_toolkit_compat.h        21 Aug 2002 19:12:46 -0000      1.25
+++ ssl_toolkit_compat.h        23 Oct 2002 23:46:38 -0000
@@ -105,6 +105,8 @@

 #define modssl_set_cipher_list SSL_set_cipher_list

+#define modssl_free OPENSSL_free
+
 #define EVP_PKEY_reference_inc(pkey) \
    CRYPTO_add(&((pkey)->references), +1, CRYPTO_LOCK_X509_PKEY)
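Review bot: `#define modssl_free OPENSSL_free` needs a comment saying why the wrapper exists, because at the call sites the change reads like a cosmetic rename. The point is allocator pairing: memory handed out by the toolkit has to go back through the toolkit's deallocator, since OpenSSL may be built or configured with memory functions other than libc's, and passing such a pointer to `free()` can corrupt the heap. Suggested text above the define: `/* Release memory allocated inside the SSL toolkit (e.g. by X509_NAME_oneline); never use libc free() on it. */`. The second hunk (-147) maps `modssl_free` to plain `free` for what appears to be the other toolkit branch, whose `#if` is outside both hunks. That define deserves the same comment, plus a statement that that toolkit allocates with libc malloc.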

@@ -147,6 +149,8 @@

 #define modssl_set_cipher_list(ssl, l) \
    SSL_set_cipher_list(ssl, (char *)l)
+
+#define modssl_free free

 #ifndef PEM_F_DEF_CALLBACK
 #define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
